M&G 40062.1 15-US-01 
MS # 158537.1 



Patent 



Public and Private Components Operating within Multiple 
Applications of a Component-based Computing System 

Technical Field 

The invention relates generally to a component-based computing system and more 
particularly to component-based computing system having both publicly accessible and 
privately-only accessible computing components within multiple applications within the 
computing system. 

Background 

Object-oriented programming systems utilize collections of computer programming 
components executing within a system to form applications that provide a desired set of 
functionality. Components that possess authority to gain access to components present on a 
given system typically can identity and activate all other components that are presented on 
this system. This fact may allow processing systems to behave in manners that are different 
that initially intended as components attempt to access components that were not intended to 
be activated by a particular component. 

This potential deficiency in component-based systems typically arises when a 
component in one collection of components that is viewed to be a single application attempts 
to access components resident within a second application resident on the same computing 
system. No mechanism exists in current component based systems to confine activation calls 
for components between these applications to a small, well-defined set of access points. As 
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such, component based systems may be vulnerable to several different types of inappropriate 
and unauthorized behavior by applications. 

Computing systems developed prior to the creation of component-based systems did 
not necessarily suffer this system deficiency as executable sets of processing modules were 
5 linked together into a single executable module that accessed processing resources through 
the use of system calls to an operating system. As such, the entry points to executable 
modules was both well defined and under the control of a system administrator. Access to 
these system calls could be monitored and limited if appropriate. 

This situation is different in component based computing systems in which one 
10 component may call a second component which in turn may call a third component. This 
sequence of calls may extend to any number of levels. The various components may be 
developed by different individuals for completely different purposes. The net result of these 
combinations of component calls may not be well understood or easily traceable until 
inappropriate behavior has occurred. 

15 Summary 

The present invention relates to a method, apparatus, and article of manufacture for 
providing a component-based computing system having both publicly accessible and 
privately-only accessible computing components within multiple applications for providing 
component addressing/identification and naming spaces. 



Page 2 

Microsoft Corporation 
Patent Application 



A system in accordance with the principles of the present invention includes a 
computing system for activating a requested processing component initiated by a calling 
component within a local computing system. The computing system has an application 
activation control module for receiving a request to activate a component initiated by a 
calling component and activating an instance of the requested component, and an application 
identity module for determining the identity of one or more applications used to identify the 
requested processing component, a permit object activation module for determining whether 
an instance of the requested component may be activated. 

Other embodiments of a system in accordance with the principles of the invention 
may include alternative or optional additional aspects. One such aspect of the present 
invention is a method and computer data product encoding instructions for activating a 
requested processing component initiated by a calling component within a local computing 
system having two or more applications. The method determines the identity of the 
requested processing component, including an identity of a class ID and an identity of an 
application from a request to activate a component initiated by a calling component and 
obtains configuration data for the requested component, the configuration data comprises an 
indication of public-private status for the requested component. If the configuration data 
indicates that the requested component is a public component, an instance of the requested 
component is activated. If the configuration data indicates that the requested component is a 
private component, the method determines if the requested component is a member of an 
application that also includes the calling component as a member. If the requested 
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component and the calling component are members of the same application, an instance of * 
the requested component is activated. 

These and various other advantages and features of novelty which characterize the 
invention are pointed out with particularity in the claims annexed hereto and form a part hereof. 
However, for a better understanding of the invention, its advantages, and the objects obtained 
by its use, reference should be made to the drawings which form a further part hereof, and to 
accompanying descriptive matter, in which there are illustrated and described specific examples 
of an apparatus in accordance with the invention. 

Brief Description of the Drawings 

Fig. 1 illustrates a distributed computing environment for using public and private 
components within multiple applications located on a remote server according to an example 
embodiment of the present invention. 

Fig. 2 illustrates an exemplary computing system useful for implementing an 
embodiment of the present invention. 

Fig. 3 illustrates multiple applications containing programmable components within a 
remote server in an embodiment of the present invention. 

Fig. 4 illustrates a computing system for processing component activation using 
public and private components within multiple applications according to yet another example 
embodiment of the present invention. 

Fig. 5 illustrates a process flow diagram representing the processing performed as part 
of component activation using public and private components within multiple applications 
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according to yet another example embodiment of the present invention. 

Detailed Description 

The present invention relates to a code generation method, apparatus, and article of 
manufacture for providing a component-based computing system having both publicly 
accessible and privately-only accessible computing components within multiple applications 
within a component based computer system. 

Fig. 1 illustrates a distributed computing environment for using public and private 
components within multiple applications located on a remote server according to an example 
embodiment of the present invention. In an exemplary embodiment, remotely located client 
computing systems 101-103 access programmable computing processing components on a 
remote server 110 across a communications network 120. Within the server 1 10, at least two 
programming applications are included. 

When an active component on the server 1 10 needs to activate additional components 
to complete one or more processing tasks, the component selected for activation using the ID 
of the original calling client to determine where to find the component to be selected. While 
this example embodiment operates within a client-server environment, one skilled in the art 
will recognize that the use of multiple applications within component-based computing 
systems as disclosed herein is not limited to such a programming environment as the client 
processes that cause components to be activated according to the present invention as recited 
within the attached claims may also be located within the server as well as being located 
within remote client computing systems 101-103. 
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The processing performed pursuant to the present invention corresponds to the 
process followed when a component is activated. These components are typically individual 
object-oriented programming modules and the process of activating a component corresponds 
to the process of creating an instance of the component that is to be used to provide a 

5 function or operation to be performed for a given client 101-103. Once a component has 

been instantiated and is active in response to a component activation call 121, the instance of 
the component may be called one or more times to perform a desired operation. However, 
the processing associated with the present invention typically concerns the processing 
performed to identify the component when it is being activated and instantiated, rather than 

10 when the already active instance of the component is called a second time. The activated 
component cl 1 13 may itself make an activation call 122 to a component c2 1 14 that is part 
of the same application 1 12 or may make an activation call 123 to component c6 1 15 that is 
part of a second application 111. 

With reference to Figure 2, an exemplary system for implementing the invention 
1 5 includes a general-purpose computing device in the form of a conventional personal 

computer 200, including a processor unit 202, a system memory 204, and a system bus 206 
that couples various system components including the system memory 204 to the processor 
unit 200. The system bus 206 may be any of several types of bus structures including a 
memory bus or memory controller, a peripheral bus and a local bus using any of a variety of 
20 bus architectures. The system memory includes read only memory (ROM) 208 and random 
access memory (RAM) 210. A basic input/output system 212 (BIOS), which contains basic 
routines that help transfer information between elements within the personal computer 200, is 
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stored in ROM 208. 

The personal computer 200 further includes a hard disk drive 212 for reading from 
and writing to a hard disk, a magnetic disk drive 214 for reading from or writing to a 
removable magnetic disk 216, and an optical disk drive 218 for reading from or writing to a 
removable optical disk 219 such as a CD ROM, DVD, or other optical media. The hard disk 
drive 212, magnetic disk drive 214, and optical disk drive 218 are connected to the system 
bus 206 by a hard disk drive interface 220, a magnetic disk drive interface 222, and an optical 
drive interface 224, respectively. The drives and their associated computer-readable media 
provide nonvolatile storage of computer readable instructions, data structures, programs, and 
other data for the personal computer 200. 

Although the exemplary environment described herein employs a hard disk, a 
removable magnetic disk 216, and a removable optical disk 219, other types of computer- 
readable media capable of storing data can be used in the exemplary system. Examples of 
these other types of computer-readable mediums that can be used in the exemplary operating 
environment include magnetic cassettes, flash memory cards, digital video disks, Bernoulli 
cartridges, random access memories (RAMs), and read only memories (ROMs). 

A number of program modules may be stored on the hard disk, magnetic disk 216, 
optical disk 219, ROM 208 or RAM 210, including an operating system 226, one or more 
application programs 228, other program modules 230, and program data 232. A user may 
enter commands and information into the personal computer 200 through input devices such 
as a keyboard 234 and mouse 236 or other pointing device. Examples of other input devices 
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may include a microphone, joystick, game pad, satellite dish, and scanner. These and other 
input devices are often connected to the processing unit 202 through a serial port interface 
240 that is coupled to the system bus 206. Nevertheless, these input devices also may be 
connected by other interfaces, such as a parallel port, game port, or a universal serial bus 
5 (USB). A monitor 242 or other type of display device is also connected to the system bus 
206 via an interface, such as a video adapter 244. In addition to the monitor 242, personal 
computers typically include other peripheral output devices (not shown), such as speakers 
and printers. 

The personal computer 200 may operate in a networked environment using logical 
1 0 connections to one or more remote computers, such as a remote computer 246. The remote 
computer 246 may be another personal computer, a server, a router, a network PC, a peer 
device or other common network node, and typically includes many or all of the elements 
described above relative to the personal computer 200. The network connections include a 
local area network (LAN) 248 and a wide area network (WAN) 250. Such networking 
15 environments are commonplace in offices, enterprise-wide computer networks, intranets, and 
the Internet. 

When used in a LAN networking environment, the personal computer 200 is 

connected to the local network 248 through a network interface or adapter 252. When used 

in a WAN networking environment, the personal computer 200 typically includes a modem 

20 254 or other means for establishing communications over the wide area network 250, such as 

the Internet. The modem 254, which may be internal or external, is connected to the system 

bus 206 via the serial port interface 240. In a networked environment, program modules 
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depicted relative to the personal computer 200, or portions thereof, may be stored in the 
remote memory storage device. It will be appreciated that the network connections shown 
are exemplary, and other means of establishing a communications link between the 
computers may be used. 

5 Additionally, the embodiments described herein are implemented as logical 

operations performed by a computer. The logical operations of these various embodiments of 
the present invention are implemented (1) as a sequence of computer implemented steps or 
program modules running on a computing system and/or (2) as interconnected machine 
modules or hardware logic within the computing system. The implementation is a matter of 

10 choice dependent on the performance requirements of the computing system implementing 
the invention. Accordingly, the logical operations making up the embodiments of the 
invention described herein can be variously referred to as operations, steps, or modules. 

Fig. 3 illustrates multiple applications containing programmable components within a 
remote server in an embodiment of the present invention. Computing system 3 1 0 may 
15 contain one or more applications. 301-306. Each application 301-306 is a collection of object 
oriented components 311-313 that operate together to perform a processing function or task. 
Currently, systems allow any programming object who may access a component within a 
computer system to identify and activate any component within the system regardless of 
whether the component to be activated is located within a given application or not. 

20 First consider an activation call 320 made from outside server 3 10 to components c3' 

3 1 1 within application 303. In this example, component c3' 3 1 1 is configured to be a public 
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component. This property of the components is specified using configuration data accessed 
when the component is activated and is used by the server 310 to determine if a component 
may be activated. 

Component c3' 311, being a public component, may be activated by a call 320 
5 initiated by any remote component. When a component is designated as a public component, 
the component may be activated by a component located within any other application 
whether the application is located on server 1 10 or any other remote computing system. The 
component may, if desired, impose other security checks to determine whether the 
component may be activated. These additional security checks may be based upon 
1 0 ownership of the component, membership within an authorized group or user ID, or similar 
security protocols typically used to grant and deny access to a computer resource. 

In contrast, a private component, such as c2 314, may only be activated by a call 324 
initiated by a component within the same application 302. An external call 331 attempting to 
activate component c2 3 14 will fail. Component c2 3 14 may only be activated by a call 324 
1 5 initiated within its application 3 02. 

Similarly, an activation call 322 initiating activation of component c6 313 is 
successful if component c6 313 is a public component. Component c3' 311 may also initiate 
a call 321 to activate component c5 regardless of the public/private property of component c5 
3 12 since both of these components are within the same application 303. For the same 
20 reasoning discussed above, component c3' 311 may not activate component c2 3 14 with an 
activation call 324 because component c2 314 and component c3' 31 1 are not located within 
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the same application. 

Fig. 4 illustrates a computing system for processing component activation using 
public and private components within multiple applications according to yet another example 
embodiment of the present invention. Processing calls that require the activation of a 
5 component are received by a component activation control module 401 . The control module 
401 first determines the application of the component to be called, determines if the 
component may be activated, and, if appropriate, activates the appropriate component. 

The control module 401 obtains the ID of the application containing the component 
and any corresponding activation authorization before proceeding from a component 

1 0 authorization module 411. This component activation module 411 contains a user ID search 
module 412 and a userlD-component activation authorization database 413 to determine the 
needed information. The user ID search module 412 receives a request from the control 
module 401 and looks up the ID of the user making the request to activate a component in the 
database 413. If a match is found, the corresponding default application ID is retrieved and 

15 returned to the control module 401 for further processing. If no match is found, either an 
error or a default value is returned. 

In the above embodiment, the application identity module 41 1 corresponds to a 
directory service typically found on networks for providing user ID based configuration and 
security data. The component authorization module 41 1 is typically a centrally located data 
20 store that provides the requested information upon request. One skilled in the art will 

recognize that this database may be located anywhere in the computing system so long as it 
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provides the information needed by the present invention as recited within the attached 
claims. 

The control module 401 uses the returned information to cause a permit object 
activation module 421 to activate an instance of the requested component. Finally, the 

5 activation module 421 retrieves a configuration data record 424 from an Object Activation 
Configuration database 422 to determine if the activation of the object requires the use of one 
or more activators 431-433 to activate an instance of a component using a process such as 
component aliases, public/private components, and any other type of component activation 
processing desired. The decision to successfully activate a public and private component as 

1 0 discussed above is performed by a public/private activation module 43 1 . Other activation 
modules 432-433 perform any required processing to implement their respective functions. 
The activation of components may use one or more of these activation modules 431-433. 
Which of these modules 431-433, and the order in which any of these modules 431-433, are 
used when a component is activated in response to a given request is specified within the 

1 5 configuration data record 424. 

Fig. 5 illustrates a process flow diagram representing the processing performed as part 
of component activation using public and private components within multiple applications 
according to yet another example embodiment of the present invention. The process flow 
begins 501 as the process proceeds to a receive activation request module 511. The receive 
20 module 5 1 1 receives an activation request from a calling component that seeks to activate a 
non-active component within the server 1 10. 
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Once the request is received, the process, in module 512, determines the identity of 
the component to be activated from the identity of the requested class ID. Test module 513 
determines if the corresponding component exists. If the requested component does not 
exist, the processing proceeds to an error module 514 to generate and return a no such object 
5 class error message to the calling component before the process ends 502. 

If test module 513 determines that the requested component exists, the processing 
obtains the public/private indication data for the requested component in module 515. Test 
module 516 uses the data obtained in module 515 to determine if the requested component is 
a public component. If test module 516 determines that the requested component is a public 
1 0 component, an instance of the component is activated by module 5 1 7 and the process ends 
502. 

If test module 516 determines that the requested component is a private component, 
test module 518 determines if the calling component is within the same application as the 
requested component. If test module 518 determines that the requested component is within 
1 5 the same application, an instance of the component is activated by module 517 and the 

process ends 502. If test module 518 determines that the requested component is not within 
the same application, an error message is generated by error module 514 before the process 
ends 502. 

Figure 2 illustrates an example of a suitable operating environment 1 10 in which the 
20 invention may be implemented. The operating environment is only one example of a suitable 
operating environment 1 10 and is not intended to suggest any limitation as to the scope of 
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use or functionality of the invention. Other well known computing systems, environments, 
and/or configurations that may be suitable for use with the invention include, but are not 
limited to, personal computers, server computers, held-held or laptop devices, multiprocessor 
systems, microprocessor-based systems, programmable consumer electronics, network PCs, 
minicomputers, mainframe computers, distributed computing environments that include any 
of the above systems or devices, and the like. 

The invention may also be described in the general context of computer-executable 
instructions, such as program modules, executed by one or more computers or other devices. 
Generally, program modules include routines, programs, objects, components, data 
structures, etc. that perform particular tasks or implement particular abstract data types. 
Typically the functionality of the program modules may be combined or distributed in 
desired in various embodiments. 

A network server 110 typically includes at least some form of computer 

readable media. Computer readable media can be any available media that can be accessed 

by the network server 110. By way of example, and not limitation, computer readable media 

may comprise computer storage media and communication media. Computer storage media 

includes volatile and nonvolatile, removable and non-removable media implemented in any 

method or technology for storage of information such as computer readable instructions, data 

structures, program modules or other data. Computer storage media includes, but is not 

limited to, RAM, ROM, EEPROM, flash memory or other memory technology, BC-ROM, 

digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, 

magnetic disk storage or other magnetic storage devices, or any other medium which can be 
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used to store the desired information and which can be accessed by the network server 1 10. 

Communication media typically embodies computer readable instructions, data 
structures, program modules or other data in a modulated data signal such as a carrier wave 
or other transport mechanism and includes any information delivery media. The term 
5 "modulated data signal" means a signal that has one or more of its characteristics set or 
changed in such a manner as to encode information in the signal. By way of example, and 
not limitation, communication media includes wired media such as a wired network or direct- 
wired connection, and wireless media such as acoustic, RF, infrared and other wireless 
media. Combinations of any of the above should also be included within the scope of 
1 0 computer readable media. 

While the above embodiments of the present invention describe a network based 
processing system providing processing services to remote clients, one skilled in the art will 
recognize that the various distributed computing architectures may be used to implement the 
present invention as recited within the attached claims. It is to be understood that other 
15 embodiments may be utilized and operational changes may be made without departing from 
the scope of the present invention. 

The foregoing description of the exemplary embodiments of the invention has been 
presented for the purposes of illustration and description. They are not intended to be 
exhaustive or to limit the invention to the precise forms disclosed. Many modifications and 
20 variations are possible in light of the above teaching. It is intended that the scope of the 
invention be limited not with this detailed description, but rather by the claims appended 
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hereto. Thus the present invention is presently embodied as a method, apparatus, computer 
storage medium or propagated signal containing a computer program for providing a method, 
apparatus, and article of manufacture for providing network based processing system 
providing processing services to remote clients. 



Page 16 

Microsoft Corporation 
Patent Application 



